
Migrating to REFEDS R&S Phase II

Outline of Phase II

Tip: Start planning your migration to REFEDS R&S now!

If you are an IdP operator that supports the Research & Scholarship category, now is the time to start planning your migration strategy to REFEDS R&S! (reference needed)

Note: Exporting R&S IdPs to eduGAIN

R&S IdPs that migrate to REFEDS R&S will be among the first IdPs exported to eduGAIN.

Migration Process for Existing R&S IdPs

To migrate to REFEDS R&S, an IdP that supports R&S completes the following sequence of steps:

  1. Review the authoritative REFEDS Research & Scholarship Entity Category specification
  2. Change your IdP's attribute release policy from this:

    The configuration of an IdP that HAS NOT migrated to REFEDS R&S:

    <afp:AttributeFilterPolicy id="releaseFullBundleToRandS">
    
      <afp:PolicyRequirementRule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch"
          attributeName="http://macedir.org/entity-category"
          attributeValue="http://id.incommon.org/category/research-and-scholarship"/>
    
      <!-- attribute rules here -->
    
    </afp:AttributeFilterPolicy>
    

    to this:

    The configuration of an IdP that HAS migrated to REFEDS R&S:

    <afp:AttributeFilterPolicy id="releaseFullBundleToRandS">
    
      <afp:PolicyRequirementRule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch"
          attributeName="http://macedir.org/entity-category"
          attributeValue="http://refeds.org/category/research-and-scholarship"/>
    
      <!-- attribute rules here -->
    
    </afp:AttributeFilterPolicy>

    The latter configuration recognizes the REFEDS R&S entity attribute value instead of the legacy InCommon R&S entity attribute value.

  3. Declare your ability to support REFEDS R&S by submitting a short form

That's all an existing R&S IdP has to do to migrate to REFEDS R&S!

When an R&S IdP migrates to REFEDS R&S (as above), a multivalued entity attribute in IdP metadata is changed from this:

The entity attribute of an IdP that HAS NOT migrated to REFEDS R&S:

<mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
  <!-- the InCommon entity attribute value for R&amp;S IdPs -->
  <saml:Attribute
      xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
      Name="http://macedir.org/entity-category-support">
    <saml:AttributeValue>
      http://id.incommon.org/category/research-and-scholarship
    </saml:AttributeValue>
  </saml:Attribute>
</mdattr:EntityAttributes>

to this:

The entity attribute of an IdP that HAS migrated to REFEDS R&S:

<mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
  <!-- multivalued entity attribute for R&amp;S IdPs -->
  <saml:Attribute
      xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
      Name="http://macedir.org/entity-category-support">
    <saml:AttributeValue>
      http://id.incommon.org/category/research-and-scholarship
    </saml:AttributeValue>
    <saml:AttributeValue>
      http://refeds.org/category/research-and-scholarship
    </saml:AttributeValue>
  </saml:Attribute>
</mdattr:EntityAttributes>

Note, however, that is inserted into IdP metadata. Whether or not an IdP completes the migration, only the REFEDS R&S entity attribute value is exported to eduGAIN!

Note: Exporting the R&S entity attribute

The legacy InCommon R&S entity attribute value

http://id.incommon.org/category/research-and-scholarship

is not exported to eduGAIN. Only the REFEDS R&S entity attribute value

http://refeds.org/category/research-and-scholarship

is exported to eduGAIN!

See the R&S Entity Metadata wiki page for details about entity attributes in metadata.
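
To check which state an IdP's metadata is in, the following added example (not InCommon's or REFEDS's own code) reads the `entity-category-support` values from an `EntityAttributes` element and reports the migration state together with the value that would be exported to eduGAIN. The function names and the `sample` metadata builder are assumptions made for illustration; the sample documents are constructed to match the shape of the fragments above.

```python
import xml.etree.ElementTree as ET

MDATTR = "urn:oasis:names:tc:SAML:metadata:attribute"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SUPPORT = "http://macedir.org/entity-category-support"
INCOMMON_RS = "http://id.incommon.org/category/research-and-scholarship"
REFEDS_RS = "http://refeds.org/category/research-and-scholarship"


def category_support(xml_text):
    """Return the set of entity-category-support values in a metadata fragment."""
    values = set()
    root = ET.fromstring(xml_text)
    # iter() also matches the root itself, so a bare EntityAttributes element works.
    for ea in root.iter(f"{{{MDATTR}}}EntityAttributes"):
        for attr in ea.iter(f"{{{SAML}}}Attribute"):
            if attr.get("Name") != SUPPORT:
                continue  # some other entity attribute, e.g. entity-category
            for val in attr.iter(f"{{{SAML}}}AttributeValue"):
                # Values in the fragments above are padded with whitespace.
                text = (val.text or "").strip()
                if text:
                    values.add(text)
    return values


def migration_status(xml_text):
    """Return (state, values exported to eduGAIN) for one IdP's metadata."""
    values = category_support(xml_text)
    if REFEDS_RS in values:
        state = "migrated"
    elif INCOMMON_RS in values:
        state = "not migrated"
    else:
        state = "no R&S support declared"
    # Per the export note, the legacy InCommon value is never exported.
    return state, sorted(values & {REFEDS_RS})


def sample(*values):
    """Constructed sample: EntityAttributes shaped like the fragments above."""
    body = "".join(f"<saml:AttributeValue>\n  {v}\n</saml:AttributeValue>" for v in values)
    return (f'<mdattr:EntityAttributes xmlns:mdattr="{MDATTR}" xmlns:saml="{SAML}">'
            f'<saml:Attribute Name="{SUPPORT}">{body}</saml:Attribute>'
            '</mdattr:EntityAttributes>')


if __name__ == "__main__":
    for doc in (sample(INCOMMON_RS), sample(INCOMMON_RS, REFEDS_RS)):
        print(migration_status(doc))
```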

Decision Point for TAC

Two concrete options are outlined for convenience, but of course a range of options is possible.

...